Inputs Apps

Splunkbase is home to the apps and add-ons that run on top of Splunk. Browse the latest apps below, or share your own with the rest of the Splunk community. To learn more about Splunk and download a free Enterprise Trial of our software, visit Splunk.com.

Want to define new inputs for your Splunk server?

Input apps let you download pre-made definitions for bringing even more data into your Splunk server. Or, you can share your own! Along with those definitions, since apps allow you to include more than one type of content, you can roll together a complete solution for a particular situation or program.


Splunk for Cisco Security

Splunk for Cisco is an application that provides a consolidated view of specific Cisco product events. The apps and their saved searches and dashboards can be used separately or can be used together to provide a unique-to-Splunk single-pane-of-glass for host, network, and email security events.

Cisco applications covered are:
- Cisco CSA
- Cisco Email Security Appliance (formerly Ironport)
- Cisco Web Security Appliance (formerly Ironport)
- Cisco ASA (firewall and IPS logs)

This combination of log data provides:
- A correlated view of infected hosts with data loss information from WSA/ESA
- The ability to follow the connection between related data across different hosts
- The ability to trace threats in real time utilizing reputation from Cisco Global Correlation IPS events

Type: App | Splunk Version: 4.1 or later | Author: will

Splunk for WebSphere Application Server

The Splunk for WebSphere® Application Server app allows you to search and report on your WAS logs, JVM metrics, and server configuration files in Splunk 4.1.3 or later. This app also works with IBM applications based on WebSphere, such as WebSphere Portal or WebSphere Commerce -- only things unique to those apps which don’t go in the shared WebSphere logs need to be indexed separately by Splunk.

Type: App | Splunk Version: 4.x | Author: Splunk

Splunk for UNIX (Splunk 3 Compatible)

The Splunk for UNIX application is a compilation of a dashboard, saved searches, eventtypes, and field extractions that work for various flavors of UNIX. In addition, the application also ships with a set of scripted inputs that can be used to monitor UNIX machines. Inputs like top, ps, vmstat, iptables, and netstat are supported.

Type: Monitoring | Splunk Version: 3.x | Author: Splunk

Splunk for IMAP

This application will continually download mail from an IMAP account, where it is indexed by a Splunk server. You can do cool things like see how often you get mail from someone, graph by size, time, etc.

Type: App | Splunk Version: 3.x-4.x | Author: erik

Splunk for Change Management

Splunk for Change Management provides predefined reports and dashboards to facilitate change auditing, change detection, change reporting, change validation and incident response based on change events, change tickets and configuration files.

Type: Change Management | Splunk Version: 3.x | Author: Splunk

Splunk for Unix and Linux

Splunk for *nix provides pre-built data inputs, searches, reports, alerts and dashboards for Linux and Unix management. Now you can monitor, manage and troubleshoot *nix operating systems from one place with Splunk for *nix. Included are a set of scripted inputs for collecting CPU, disk, I/O, memory, log, configuration and user data. The app makes getting started with Splunk a breeze.

Type: App | Splunk Version: 4.x | Author: Splunk

Web Page Monitor

This bundle will check a set of webpages every interval and index the result, time, size and optionally content and/or CRC of page(s). It's cool to do searches to see when your pages change, take long to load, or many other cool things.

Type: None | Splunk Version: 4.x | Author: erik

Script for database inputs

This script is designed to be used as a scripted input for data contained in database tables. Please refer to the Splunk Admin guide for more information on configuring scripted inputs. The script has been successfully used in a number of deployments, and should work with Oracle, MySQL, and Sybase databases as-is. Other database types can be added by installing the appropriate Perl DBD module, and editing the script to configure for the new dbtype. In this version, all of the SQL code has been abstracted from the script, and all parameters including the query are passed as command-line arguments to the script.

Type: Operations | Splunk Version: 3.x | Author: rcarney

Splunk for Windows for Splunk 3.x

Splunk for Windows application is a compilation of saved searches, eventtypes, inputs, and field extractions for Windows. The extractions are compatible with the Splunk Common Information Model. The application also contains an integration for Microsoft’s System Center Operations Manager.

Type: Windows | Splunk Version: 3.x | Author: Splunk

Splunk for OSSEC (Splunk v4 version)

This package contains parsing logic, saved searches, and dashboards for monitoring the OSSEC Host-based Intrusion Detection System via Splunk. Please read the Installation section - the app WILL NOT WORK without configuration.

Type: App | Splunk Version: 4.x | Author: southeringtonp

Splunk for Network Security

The Splunk Network Security application offers a set of reports, saved searches, and dashboards, as well as corresponding alerts that you can use to monitor your firewalls, intrusion detection and prevention systems, as well as operating systems.

Type: Network Security | Splunk Version: 3.x | Author: Splunk

Negative Searching Demo Bundle

This bundle, created jointly by Maverick and Stephen Sorkin, demonstrates a way to perform negative searches by indexing known patterns and catching anomalous patterns into a separate index.

Type: Compliance | Splunk Version: 3.x | Author: maverick

IPMI Fan Speeds

Gather and report on system fan speeds using IPMI.

Type: Operations | Splunk Version: 3.x | Author: markc

javac++ bundle

Adds reasonably good support for C++ and Java source code by breaking functions, classes, and structs into different events.

Type: None | Splunk Version: 3.x-4.x | Author: carasso

Dee's wtmp input bundle

Help Splunk to index the output of last (from /var/log/wtmp), even though it's in a binary format.

Type: Linux | Splunk Version: 3.x | Author: deeann

SMART Disk Reporting

This bundle outputs this text:

=== START OF INFORMATION SECTION ===
Model Family= Seagate Momentus 7200.1 series
Device Model= ST910021AS
Serial Number= 3MH0498W
Firmware Version= 3.07
User Capacity= 100,030,242,816 bytes
Device is= In smartctl database [for details use: -P show]
ATA Version is= 7
ATA Standard is= Exact ATA specification draft version not indicated
Local Time is= Mon Aug 20 00:38:18 2007 PDT
SMART support is= Available - device has SMART capability.
SMART support is= Enabled

=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result= PASSED

Which is then indexed by Splunk.

Type: Server Management | Splunk Version: 3.x | Author: markc

WildPackets packet number removal

Removes packet numbers from WildPackets events.

Type: WildPackets Omnipliance | Splunk Version: 3.x | Author: deeann

OSX Battery Monitor

Bundle for monitoring battery usage on an OSX based laptop.

Type: Monitoring | Splunk Version: 3.x | Author: kordless

Sancp/Sguil Add-on

This bundle indexes sancp logs when sancp is patched with the sguil output patch, extracts the fields, then sends to a processor which converts the decimal IP addresses to dotted format.

Type: Network Security | Splunk Version: 3.x | Author: araitz

Exchange fields and inputs

This add-on applies to Microsoft Exchange event tracking logs, bringing their field names into compliance with the Splunk interface standard (see http://www.splunkbase.com/howtos/Splunk/howto:Understanding_Splunk's_interface_standards).

Type: message tracking log [Exchange] | Splunk Version: 3.x | Author: Splunk

Netcache fields, inputs, and event types

This add-on normalizes Netcache fields so that other Splunk applications understand them.

Type: Network Appliance NetCache | Splunk Version: 3.x | Author: Splunk

Sendmail fields, inputs, and event types

This add-on applies to Sendmail logs, bringing their field names into compliance with the Splunk interface standard (see http://www.splunkbase.com/howtos/Splunk/howto:Understanding_Splunk's_interface_standards).

Type: maillog [Sendmail] | Splunk Version: 3.x | Author: Splunk

Splunk for Snort

This application applies to Snort alert logs, bringing their field names into compliance with the Splunk interface standard (see http://www.splunkbase.com/howtos/Splunk/howto:Understanding_Splunk's_interface_standards).

Type: Snort | Splunk Version: 3.x | Author: Splunk

Splunk for Snare

The Splunk for Snare application offers eventtypes and field extractions for Snare collecting Windows events.

Type: Windows events via snare syslog | Splunk Version: 3.x | Author: raffy

Splunk for Network

This is a simple application to monitor change on network device configurations. It runs a scripted input to request the network device upload its configuration file to a TFTP server. The input reads /tftpboot for any files that get uploaded and indexes them through the fschange source.

Type: Cisco IOS | Splunk Version: 3.x | Author: Splunk

What are Apps and Add-ons?

Apps give you insight into your IT systems with dashboards, reports, data inputs and saved searches that work in your environment from the moment they install. Save time and money with free plug-and-play solutions built by Splunk, our partners and users.

Add-ons let you tackle specific data problems directly. Built by Splunk partners and power users from the Splunk community, add-ons are smaller, reusable components that can change the look and feel of Splunk, add data sources or share information between users.

How Do I Get Them?

You can browse and install apps from the menu at left or through the App Launcher within your Splunk installation. Visit the Administration Manual to learn more about installing apps or add-ons.

Most Splunk apps and add-ons are completely free and work with both the Free and Enterprise versions of Splunk 4.x. If you're looking for apps for older versions of Splunk, visit the Splunkbase Archive.

Build Your Own

The Splunk developer framework makes it easy to turn your Splunk work into custom apps and add-ons. Read the Developer Manual to find out how.

Come back to Splunkbase when you're ready to show your app to the world and visit the Share page to upload your app to the Splunk community.